Message-Id: <200506262005.j5QK5MQr019120@www.freebsd.org>
Date: Sun, 26 Jun 2005 20:05:22 GMT
From: Wietse Venema <wietse@porcupine.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: "Accounting resumed" while disk fills up
X-Send-Pr-Version: www-2.3

>Number:         82682
>Category:       kern
>Synopsis:       [kernel] "Accounting resumed" while disk fills up due to sign extension problem
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    rwatson
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jun 26 20:10:16 GMT 2005
>Closed-Date:    Sun Nov 27 19:09:38 GMT 2005
>Last-Modified:  Sun Nov 27 19:09:38 GMT 2005
>Originator:     Wietse Venema
>Release:        5.4 and 5.3
>Organization:
>Environment:
FreeBSD freebsd54.porcupine.org 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Sun May  8 10:21:06 UTC 2005     root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386

FreeBSD tail.porcupine.org 5.3-RELEASE FreeBSD 5.3-RELEASE #5: Sat Mar 12 22:58:16 EST 2005     wietse@tail.porcupine.org:/usr/src/sys/i386/compile/TAIL  i386

>Description:
When the disk fills up, the kernel as expected disables process accounting, but it RESUMES process accounting while the disk fills up further.

Perhaps the code gets confused when the free space becomes negative (see repeat-by example below). But that is pure speculation. 

I have been using FreeBSD for 10+ years and routinely use dd of /dev/zero to wipe the free space as root. I did not notice this accounting anomaly when I was still using FreeBSD 4.

>How-To-Repeat:
Execute the following command as root: 

# dd </dev/zero >bigfile

Kernel log example: 

Jun 26 15:38:53 freebsd54 kernel: Accounting suspended
Jun 26 15:39:23 freebsd54 kernel: Accounting resumed
Jun 26 15:40:04 freebsd54 kernel: pid 457 (dd), uid 0 inumber 188421 on /: filesystem full

Negative free space example:

# df
Filesystem  1K-blocks    Used   Avail Capacity  Mounted on
/dev/ad0s1a   3720788 3586676 -163550   105%    /



>Fix:

>Release-Note:
>Audit-Trail:

From: Bruce Evans <bde@zeta.org.au>
To: Wietse Venema <wietse@porcupine.org>
Cc: freebsd-gnats-submit@freebsd.org, freebsd-bugs@freebsd.org
Subject: Re: kern/82682: "Accounting resumed" while disk fills up
Date: Mon, 27 Jun 2005 23:39:52 +1000 (EST)

 On Sun, 26 Jun 2005, Wietse Venema wrote:
 
 >> Description:
 > When the disk fills up, the kernel as expected disables process accounting, but it RESUMES process accounting while the disk fills up further.
 >
 > Perhaps the code gets confused when the free space becomes negative (see repeat-by example below). But that is pure speculation.
 >
 > I have been using FreeBSD for 10+ years and routinely use dd of /dev/zero to wipe the free space as root. I did not notice this accounting anomaly when I was still using FreeBSD 4.
 
 This is one of the many possible and actual sign extension/overflow bugs
 caused by the poorly chosen types in the 64-bit statfs.  From kern_acct.c:
 
 %%%
  		if (sb.f_bavail > acctresume * sb.f_blocks / 100) {
  			acctp = savacctp;
  			acctcred = savacctcred;
  			acctflags = savacctflags;
  			savacctp = NULLVP;
  			savacctcred = NOCRED;
  			log(LOG_NOTICE, "Accounting resumed\n");
  		}
 %%%
 
 In RELENG_4, everything in struct statfs has a non-foot-shooting type
 (plain long), but in -current after 2003/12/11 the types don't mesh
 properly; most types are 64 bits; f_bavail is still signed, as it needs
 to be to represent negative free space, but most of the other types
 are unsigned, as they need to be to cause sign extension bugs.  In the
 above, `acctresume * sb.f_blocks / 100' has type uint64_t and is not
 very large, but sb.f_bavail has type int64_t and is not very large in
 absolute value, so as soon as sb.f_bavail becomes negative it is converted
 to a huge uint64_t as part of the comparison and the comparison always
 succeeds.
 
 Another bug in the above is that `acctresume * sb.f_blocks' overflows if
 sb.f_blocks exceeds 1/4 of the maximum for the data type.  This overflow
 is hard to reach since (2^64)/4-1 blocks should be enough for anyone, and
 even overflow at (2^31)/4 blocks in RELENG_4 is hard to reach due to
 other limits (mainly the limit of 2^31-1 512-blocks).
 
 Bruce
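
Added example, not part of the original PR and not FreeBSD's kern_acct.c: a user-space C reproduction of the two defects described in the reply above, next to one possible hardened comparison. The names resume_buggy and resume_checked are hypothetical, acctresume = 4 is an assumed percentage, the block counts are taken from the df output in this PR, and resume_checked is not the fix committed as kern_acct.c:1.76.

```c
#include <stdint.h>
#include <stdio.h>

/* Same comparison as the quoted fragment: f_bavail (int64_t) is converted
 * to uint64_t because the right-hand side is uint64_t. */
static int resume_buggy(int64_t f_bavail, uint64_t f_blocks, int acctresume)
{
    return f_bavail > acctresume * f_blocks / 100;
}

/* Hypothetical hardened form (not the committed fix): reject negative free
 * space before any unsigned comparison, and compute acctresume% of f_blocks
 * without forming the product acctresume * f_blocks. */
static int resume_checked(int64_t f_bavail, uint64_t f_blocks, int acctresume)
{
    uint64_t pct, threshold;

    if (f_bavail < 0 || acctresume < 0 || acctresume > 100)
        return 0;
    pct = (uint64_t)acctresume;
    /* floor(pct * f_blocks / 100), exact, cannot overflow for pct <= 100 */
    threshold = f_blocks / 100 * pct + f_blocks % 100 * pct / 100;
    return (uint64_t)f_bavail > threshold;
}

int main(void)
{
    /* Constructed inputs: block counts from the df output in this PR,
     * acctresume = 4 is an assumed percentage. */
    const uint64_t blocks = 3720788;
    const int64_t avail = -163550;
    const uint64_t big = (UINT64_C(1) << 62) + 1; /* just over 2^64 / 4 */

    printf("negative avail: buggy=%d checked=%d\n",
        resume_buggy(avail, blocks, 4), resume_checked(avail, blocks, 4));
    printf("product wraps:  buggy=%d checked=%d\n",
        resume_buggy(1, big, 4), resume_checked(1, big, 4));
    return 0;
}
```

Building with -Wsign-compare (part of -Wextra for C in GCC and Clang) flags the mixed signed/unsigned comparison in resume_buggy at compile time.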
State-Changed-From-To: open->patched 
State-Changed-By: rwatson 
State-Changed-When: Sat Nov 12 11:15:30 GMT 2005 
State-Changed-Why:  
I recently fixed at least part of this bug as part of kern_acct.c:1.76, 
as well as some other unrelated bugs.  I did not fix the overflow issues 
described by Bruce in this PR, however, as I just found the PR when 
doing a back search to see if I had closed any PRs with the various 
fixes committed. 

I'll MFC this patch in about two weeks, assuming there are no problems, 
and it should first appear in FreeBSD 5.5 or 6.1, whichever comes first. 



Responsible-Changed-From-To: freebsd-bugs->rwatson 
Responsible-Changed-By: rwatson 
Responsible-Changed-When: Sat Nov 12 11:15:30 GMT 2005 
Responsible-Changed-Why:  
I recently fixed at least part of this bug as part of kern_acct.c:1.76, 
as well as some other unrelated bugs.  I did not fix the overflow issues 
described by Bruce in this PR, however, as I just found the PR when 
doing a back search to see if I had closed any PRs with the various 
fixes committed. 

I'll MFC this patch in about two weeks, assuming there are no problems, 
and it should first appear in FreeBSD 5.5 or 6.1, whichever comes first. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=82682 
State-Changed-From-To: patched->closed 
State-Changed-By: rwatson 
State-Changed-When: Sun Nov 27 19:09:12 GMT 2005 
State-Changed-Why:  
Merged to RELENG_6 as kern_acct.c:1.74.2.2. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=82682 
>Unformatted:
